70 lines
3.3 KiB
YAML
70 lines
3.3 KiB
YAML
---
|
|
# tasks file for unifi_controller_rhel
|
|
|
|
- name: abort if os is not suitable
|
|
when: ansible_os_family != "RedHat"
|
|
fail: msg="{{ansible_os_family}} is not supported by this playbook"
|
|
|
|
- name: create mongo repository
|
|
template: src=mongodb-org-3.2.repo.j2 dest=/etc/yum.repos.d/mongodb-org-3.2.repo owner=root group=root
|
|
|
|
- name: install java and mongodb
|
|
when: ansible_os_family == "RedHat"
|
|
yum: name={{ item }} state=present
|
|
with_items:
|
|
- java-1.7.0-openjdk
|
|
- mongodb-org
|
|
|
|
- name: no need for the standard mongod service
|
|
service: name=mongod enabled=no state=stopped
|
|
|
|
- name: setup unifi group
|
|
group: name={{ unifi_controller_rhel_unifi_gid }} system=yes state=present
|
|
|
|
- name: setup unifi user
|
|
user: name={{ unifi_controller_rhel_unifi_uid }} home={{ unifi_controller_rhel_unifi_prefix }}/UniFi createhome=no shell=/sbin/nologin system=yes state=present
|
|
|
|
- name: copy unifi zipball to host
|
|
copy: src={{ unifi_controller_rhel_unifi_zip_file }} dest={{ unifi_controller_rhel_unifi_zip_dest }} force=no
|
|
|
|
- name: extract unifi
|
|
command: /usr/bin/unzip -o {{ unifi_controller_rhel_unifi_zip_dest }} -d {{ unifi_controller_rhel_unifi_prefix }} creates={{ unifi_controller_rhel_unifi_prefix }}/UniFi
|
|
|
|
- name: create unifi data directory
|
|
file: dest={{ unifi_controller_rhel_unifi_prefix }}/UniFi/data state=directory
|
|
|
|
- name: fix permissions
|
|
command: /bin/chown -R {{ unifi_controller_rhel_unifi_uid }}:{{ unifi_controller_rhel_unifi_gid }} {{ unifi_controller_rhel_unifi_prefix }}/UniFi
|
|
|
|
- name: symlink mongod binary to where unifi path
|
|
file: src=/usr/bin/mongod dest={{ unifi_controller_rhel_unifi_prefix }}/UniFi/bin/mongod state=link
|
|
|
|
- name: install custom config.properties
|
|
template: src=config.properties.j2 dest={{ unifi_controller_rhel_unifi_prefix }}/UniFi/data/config.properties owner={{ unifi_controller_rhel_unifi_uid }} group={{ unifi_controller_rhel_unifi_gid }}
|
|
|
|
- name: install init script
|
|
template: src=unifi.init.j2 dest=/etc/init.d/UniFi owner=root group=root mode=755
|
|
|
|
- name: copy ssl cert
|
|
when: not (unifi_controller_rhel_ssl_cert is none)
|
|
copy: src={{ unifi_controller_rhel_ssl_cert }} dest=/root/cert.crt force=no
|
|
|
|
- name: copy ssl key
|
|
when: not (unifi_controller_rhel_ssl_key is none)
|
|
copy: src={{ unifi_controller_rhel_ssl_key }} dest=/root/key.crt force=no
|
|
|
|
- name: copy ssl bundle
|
|
when: not (unifi_controller_rhel_ssl_bundle is none)
|
|
copy: src={{ unifi_controller_rhel_ssl_bundle }} dest=/root/bundle.crt force=no
|
|
|
|
- name: convert ssl cert to pkcs12 format
|
|
when: not (unifi_controller_rhel_ssl_cert is none or unifi_controller_rhel_ssl_key is none or unifi_controller_rhel_ssl_bundle is none)
|
|
shell: openssl pkcs12 -export -in /root/cert.crt -inkey /root/key.crt -out /root/unifi.p12 -name unifi -CAfile /root/bundle.crt -caname root -password pass:aircontrolenterprise
|
|
|
|
- name: convert ssl cert to keystore
|
|
when: not (unifi_controller_rhel_ssl_cert is none or unifi_controller_rhel_ssl_key is none or unifi_controller_rhel_ssl_bundle is none)
|
|
shell: keytool -importkeystore -deststorepass aircontrolenterprise -destkeypass aircontrolenterprise -destkeystore {{ unifi_controller_rhel_unifi_prefix }}/UniFi/data/keystore -srckeystore /root/unifi.p12 -srcstoretype PKCS12 -srcstorepass aircontrolenterprise -alias unifi -noprompt
|
|
|
|
- name: start unifi service
|
|
service: name=UniFi enabled=yes state=started
|